DTRACE BACKGROUND. What Is DTrace?
|
|
- Irma Allen
- 8 years ago
- Views:
Transcription
1
2 What Is DTrace? DTRACE BACKGROUND *Dtrace was created by Sun Microsystems, Inc. and released under the Common Development and Distribution License (CDDL), a free software license based on the Mozilla Public License (MPL).
3 DTrace Background Kernel-based dynamic tracing framework Created by Sun Microsystems First released with Solaris 10 operating System Now included with Apple OS X Leopard, QNX Soon to be included with FreeBSD (John Birrell) OpenBSD, NetBSD, Linux? *Solaris is a trademark of Sun Microsystems, Inc. in the United States and/or other countries.
4 DTrace Overview DTrace is a framework for performance observability and debugging in real time Tracing is made possible by thousands of probes placed on the fly throughout the system Probes are points of instrumentation in the kernel When a program execution passes one of these points, the probe that enabled it is said to have fired DTrace can bind a set of actions to each probe
5 DTrace Architecture Source: Solaris Dynamic Tracing Guide
6 The D Language D is an interpreted, block-structured language D syntax is a subset of C D programs are compiled into intermediate form Intermediate form is validated for safety when your program is first examined by the DTrace kernel software The DTrace execution environment handles any runtime errors
7 The D Language D does not use control-flow constructs such as if statements and loops D program clauses are written as single, straightline statement lists that trace an optional, fixed amount of data D can conditionally trace data and modify control flow using logical expressions called predicates A predicate is tested at probe firing before executing any statements
8 DTrace Performance DTrace is dynamic: probes are enabled only when you need them No code is present for inactive probes There is no performance degradation when you are not using DTrace When the dtrace command exits, all probes are disabled and instrumentation removed The system is returned to its original state
9 DTrace Uses DTrace takes the power of multiple tools and unifies them with one programmatically accessible interface DTrace has features similar to the following: truss: tracing system calls, user functions ptrace: tracing library calls prex/tnf*: tracing kernel functions lockstat: profiling the kernel gdb: access to kernel/user memory
10 DTrace Uses DTrace combines system performance statistics, debugging information, and execution analysis into one tight package A real Swiss army knife for reverse engineers DTrace probes can monitor every part of the system, giving the big picture or zooming in for a closer look Can debug transient processes that other debuggers cannot
11 Creating DTrace Scripts Dozens of ready-to-use scripts are included with Sun s DTraceToolkit; they can be used as templates These scripts provide functions such as syscalls by process, reads and writes by process, file access, stack size, CPU time, memory r/w and statistics Complex problems can often be diagnosed by a single one-liner DTrace script
12 Example: Syscall Count System calls count by application: dtrace -n = count();}'. Matched 427 probes Syslogd DirectoryService Finder TextMate Cupsd Ruby vmware-vmx
13 Example: File Open Snoop #!/usr/sbin/dtrace -s syscall::open*:entry { printf("%s %s\n", execname, copyinstr(arg0)); }
14 Example: File Snoop Output vmware-vmx Finder ichat Microsoft Power nmblookup nmblookup nmblookup nmblookup Nmblookup /dev/urandom /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist /System/Library/PrivateFrameworks/ByteRange... ByteRangeLocking /dev/dtracehelper /dev/urandom /dev/autofs_nowait /System/Library/PrivateFrameworks/ByteRange... ByteRangeLocking
15 DTrace Lingo Probes are points of instrumentation Providers are logically grouped sets of probes Examples of providers include syscall, lockstat, fbt, io, mib Predicates allow actions to be taken only when certain conditions are met Actions are taken when a probe fires
16 DTrace Syntax Generic D Script Probe: provider:module:function:name Predicate: /some condition that needs to happen/ { Action: action1; action2; (ex: printf(); ) }
17 How Can We Use DTrace? DTRACE AND REVERSE ENGINEERING (RE)
18 DTrace for RE DTrace is extremely versatile and has many applications for RE It is very useful for understanding the way a process works and interacts with the rest of the system DTrace probes work in a manner very similar to debugger hooks DTrace probes are useful because they can be described generically and focused later
19 DTrace for RE Think of DTrace as a rapid development framework for RE tasks and tools One of DTrace s greatest assets is speed DTrace can instrument any process on the system without starting or stopping it Complex operations can be understood with a succinct one-line script You can refine your script as the process continues to run
20 Helpful Features DTrace gives us some valuable features for free: Control flow indicators Symbol resolution Call stack trace Function parameter values CPU register values Both in kernel space and user space!
21 Control Flow 1 -> -[AIContentController finishsendcontentobject:] 1 -> -[AIAdium notificationcenter] 1 <- -[AIAdium notificationcenter] 1 -> -[AIContentController processandsendcontentobject:] 1 -> -[AIContentController handlefilesendsforcontentmessage:] 1 <- -[AIContentController handlefilesendsforcontentmessage:] 1 -> -[AdiumOTREncryption willsendcontentmessage:] 1 -> policy_cb 1 -> contactfrominfo 1 -> -[AIAdium contactcontroller] 1 <- -[AIAdium contactcontroller] 1 -> accountfromaccountid
22 Symbol and Stack Trace dyld`strcmp dyld`imageloadermacho::findexportedsymbol(char dyld`imageloadermacho::resolveundefined(... dyld`imageloadermacho::dobindlazysymbol(unsigned dyld`dyld::bindlazysymbol(mach_header const*,... dyld`stub_binding_helper_interface2+0x15 Ftpd`yylex+0x48 Ftpd`yyparse+0x1d5 ftpd`ftp_loop+0x7c ftpd`main+0xe46
23 Function Parameters DTrace s copyin* functions allow you to copy data from the process space: printf("arg0=%s", copyinstr( arg0 )) Output: 1 -> strcmp arg0=_isspecial_l
24 CPU Register Values Uregs array allows access to reading CPU registers printf( EIP:%x, uregs[r_eip]); Example: EIP: 0xdeadbeef EAX: 0xffffeae6 EBP: 0xdefacedd ESP: 0x183f6000
25 Destructive Examples #!/usr/sbin/dtrace -w -s syscall::uname:entry { self->a = arg0; } syscall::uname:return{ copyoutstr( Windows, self->a, 257); copyoutstr( PowerPC, self->a+257, 257); copyoutstr( 2010.b17, self->a+(257*2), 257); copyoutstr( fud: , self->a+(257*3), 257); copyoutstr( PPC, self->addr+(257*4), 257); } Adapted from: Jon Haslam,
26 Snooping syscall::write: entry { self->a = arg0; } syscall::write: return { printf( write: %s, copyinstr(self->a); }
27 Got Ideas? Using DTrace: Monitor stack overflows Code coverage Fuzzer feedback Monitor heap overflows
28 DTrace vs. Debuggers Don t think of DTrace as a DBG. User mode and kernel mode debuggers allow you to control execution and inspect process information DTrace can instrument both the kernel and user land applications at the same time To trace execution, debuggers use instructions to pause and resume execution DTrace carries out parallel actions in the kernel when a probe is hit
29 DTrace vs. Debuggers Traditional debuggers also affect the target process s memory layout. DTrace doesn t DTrace does not directly perform exception handling DTrace can halt process and transfer control to external debugger Currently DTrace is not susceptible to traditional anti-debugging techniques (isdebuggerpresent()) However, Apple has implemented probe blocking with use of the PT_ATTACH_DENY
30 DTrace vs. Tracers Truss, ltrace, and strace operate one process at a time, with no system-wide capability Truss reduces application performance Truss stops threads through procfs, records the arguments for the system call, and then restarts the thread Valgrind is limited to a single process and only runs on Linux Ptrace is much more efficient at instruction level tracing but it is crippled on OS X *Valgrind is Open Source/Free Software and is freely available under the GNU General Public License.
31 DTrace Limitations The D language does not have conditionals or loops The output of many functions is to stdout (i.e., stack(), unstack()) Lack of loops and use of stdout means DTrace is not ideal for processing data We can fix this
32 RE:Trace Reverse Engineering with Ruby and DTrace
33 RE:Trace RE:Trace combines Ruby with DTrace Ruby gives us the power of OOP, text processing, iteration RE:Trace utilizes Ruby libdtrace bindings, written by Chris Andrews Can be the glue which combines the power of several existing Ruby RE frameworks (idarub, librub, metasm, MSF3) RE:Trace is similar to programmatic debuggers (pydbg, knoxdbg, immdbg)
34 IdaRub Wraps IDA interface Ruby code is the client Server is IDA plugin Ruby glues it all together IdaRub was released by Spoonm at REcon 2006 ida.set_item_color(eip, 3000) More info:
35 RE:Trace and Exploit Dev Vulnerability analysis times of conventional debuggers can be dramatically reduced with RE:Trace DTrace probes allow you to track data input flow throughout a process to understand where and why memory corruption took place Methods that cause stack and heap corruption can be pinpointed using IDARub to integrate IDA s static analysis features
36 RE:Trace and Code Coverage DTrace can hook every function in a process This makes it perfect for implementing a code coverage aware fuzzer Code coverage is useful for understanding what areas are being fuzzed Current RE code coverage monitors are mostly block based (PaiMei) We can use IDA to obtain block information or check code coverage at the function or instruction level
37 Writing a Stack Overflow Monitor MONITORING THE STACK
38 Stack Overflow Monitoring Programmatic control at EIP overflow time allows you to: Pinpoint the vulnerable function Reconstruct the function call trace Halt the process before damage occurs (HIDS) Dump and search process memory Send feedback to fuzzer Attach debugger
39 Overflow Detection in One Probe #/usr/sbin/dtrace -w -s pid$target:::return / uregs[r_eip] == 0x / { printf("don t tase me bro!!!"); stop()... }
40 Cautionaries A few issues to be aware of: DTrace drops probes by design Tune options, narrow trace scope to improve performance Some libraries and functions behave badly Stack overflows can cause violations before function return
41 First Approach Store RETURN value at function entry uregs[r_sp], NOT uregs[r_esp] Compare EIP to saved RETURN value at function return If different, there was an overflow Simple enough, but false positives from: Tail call optimizations Functions without return probes
42 DTrace and Tail Calls Certain compiler optimizations mess with the standard call/return control flow Tail calls are an example of such an optimization Two functions use the same stack frame, saves resources, less instruction DTrace reports tail calls as a return then a call, even though the return never happens EIP on return is not in the original calling function, it is the entry to second Screws up simple stack monitor if not aware of it
43 New Approach Store RETURN value at function entry At function return, compare saved RETURN value with CURRENT value Requires saving both the original return value and its address in memory Fires when saved RETURN! = current RETURN and EIP = current RETURN
44 But Missing Return Probes??? Still trouble with functions that never return Some functions misbehave DTrace does not like function jump tables (dyld_stub_*) Entry probe but no exit probe
45 Determining Missing Returns Using DTrace l flag List entry/exit probes for all functions Find functions with entry but no exit probe Using DTrace aggregates Run application Aggregate on function entries and exits Look for mismatches Exclude these functions with predicates / probefunc! = everybodyjump /
46 Stack Overflow Video
47 Advanced Tracing Diving in deeper: Instruction-level tracing Code coverage with IDA Pro and IdaRub Profiling idle and GUI code Feedback to the fuzzer, smart/evolutionary fuzzing Conditional tracing based on function parameters (reaching vulnerable code paths)
48 Instruction Tracing CODE COVERAGE
49 Code Coverage Approach Approach Instruction-level tracing using DTrace Must properly scope tracing Use IdaRub to send commands to IDA IDA colors instructions and code blocks Can be done in real time, if you can keep up
50 Tracing Instructions The last field of a probe is the offset in the function Entry = offset 0 Leave blank for every instruction Must map static global addresses to function offset addresses Print address of every instruction: pid$target:a.out:: { print( %d, uregs[r_eip]); }
51 Tracing Instructions (cont.) DTrace to print instructions Ruby-Dtrace to combined DTrace with Ruby Idarub and rublib to combined Ruby with IDA Tracing libraries When tracing libraries, must know memory layout of program vmmap on OS X will tell you Use offset to map runtime library EIPs to decompiled libraries
52 Code Coverage with DTrace Capabilities: Associate fuzz runs with code hit Visualize code paths Record number of times blocks were hit Compare idle traces to other traces Limitations: Instruction tracing can be slow for some applications Again, tuning and limiting scope
53 Coverage Visualization
54 Runtime Call Graphs
55 Writing a Heap Overflow Monitor MONITORING THE HEAP
56 Hackin the Heap with RE:Trace The heap has become the major attack vector replacing stack-based buffer overflows Relatively common unlink() write4 primitives are no longer as easy to exploit on many platforms See Aitel and Waisman s excellent Debugging with ID presentation for more details As they point out, the key to the new breed of heap exploit is understanding the heap layout and allocation patterns ImmDBG can help you with this on Win32, and Gerrado Richarte s heap tracer can help you with visualization and double free() on Solaris and Linux
57 Hackin the Heap with RE:Trace Many Different ways to use DTrace for heap exploits Standard double free(), double malloc(), Leak Detection Heap Visualization (Directed Graphs/OpenGL/Instruments) Pesky off by one errors Spot app specific function pointers to overwrite Find heap overflows/corruptions that might not be immediately dereferenced
58 OS X Heap Exploits ktrace = Bonds on the Pirates DTrace = Bonds on the Giants Older techniques such as overwriting initial_malloc_zones function pointers are dead You now have to overwrite app specific data DTrace already hooks functions to understand heap layout and allocation patterns (what, where, when) A slew of Heap Tools for OS X (vmmap, MallocScribble, MallocCheckHeap, leaks) DTrace is extensible and *quick* to use
59 Heap Visualization Directed Graph of Heap Allocation Sizes:
60 RE:Trace Heap Smasher() Refresher: When you malloc() on OS X, you are actually calling the scalable zone allocator, which breaks allocations into different zones by size: Adapted from: OS X Internals A System Approach
61 RE:Trace Heap Smasher() In our heap smash detector, we must keep track of four different heaps We do this by hooking malloc() calls and storing them to ruby hashes with the pointer as the key and the size allocated as the value We break the hashes into tiny, small, large, and huge by allocation size We then hook all allocations and determine if the pointer falls in the range of the previous allocations. We can adjust the heap as memory is free() d or realloc d()
62 RE:Trace Heap Smasher() By hooking C functions (strncpy, memcpy, memmove, etc.) we can determine if they are over-allocating to locations in the heap by looking at the arguments and comparing to our heap records pid$target::strncpy:entry { self->sizer = arg2; printf("copyentry:dst=0x%p src=0x%p;size=%i", arg0, arg1, arg2); self->sizer = 0; }
63 RE:Trace Heap Smasher() We can check to see if the allocation happens in a range we know about (check the hash). If it does, we know the size allocation, and we can tell if a smash will occur Compared to our stack smash detector, we need very few probes. A few dozen probes will hook all the functions we need We can attach to a live process on and off without disturbing it
64 RE:Trace Heap Smasher() We also keep a hash with the stack frame, which is called the original malloc() When an overflow is detected, we know: Who allocated it (stack frame) Who used it (function hook) Where the overflowed memory is How large the overflow was We can find out if its ever free() d
65 RE:Trace Heap Smasher() Video
66 RE:Trace Heap Smasher() Future additions: Graphviz/OpenGL Graphs There is a new version of Firefox which has probes in the JavaScript library This would give us functionality similar to Alexander Soitorov s HeapLib (Heap Fung Shui) for heap manipulation generically Safari/DTrace should follow soon You tell me?
67 Using DTrace Defensively DTRACE DEFENSE
68 Basic HIDS with DTrace Using Dtrace, you can profile your applications basic behavior You should then be able to trace for anomalies with predicates This is great for hacking up something to protect a custom application (monitor for return-to-libc) Easy to create a rails interface for monitoring with Ruby-DTrace
69 Basic HIDS with DTrace Problem: I want to use QuickTime, but it s got a #@#$@# of holes Solution: Make a DTrace script to call stop() when weird stuff happens QuickTime probably never needs to call /bin/sh or mprotect() on the stack to make it writable (Houston we have a problem) *QuickTime is a registered trademark of Apple Inc. in the United States and/or other countries.
70 Basic HIDS with DTrace #!/usr/sbin/dtrace -q -s proc:::exec /execname == "QuickTime Player" && args[0] == "/bin/sh"/ { printf("\n%s Has been p0wned! It tried to spawned %s\n, execname, args[0]) }
71 HIDS Video
72 DTrace and Rootkits Check out Archim s paper B.D.S.M the Solaris 10 Way, from the CCC Conference He created the SInAr rootkit for Solaris 10 Describes a method for hiding a rootkit from DTrace Only works on SPARC DTrace FBT (kernel) provider can spy on all active kernel modules Should have the ability to detect rootkits, which don t explicitly hide from DTrace (SInAr is the only one I could find) Expect more on this in the future
73 DTrace for Malware Analysis Very easy to hack up a script to analyze MalWare Example: Leopard DNS Changer (OSX.RSPlug.A ) Why the heck is my video codec calling /usr/sbin/scutil add ServerAddresses * $s1 $s2 set State:/Network/Service/$PSID/DNS You can monitor file I/O and syscalls with just two lines Scripts to do this now included with OS X by default Malware not hiding from DTrace yet BUT Apple made that a feature (yayyy!)
74 Hiding from DTrace In Jan. Core DTrace developer Adam Leventhal discovered that Apple crippled DTrace for Leopard On OSX Your application can set the PT_ATTACH_DENY flag to hide from DTrace just like you can for GDB Leventhal used timing attacks to figure out they are hiding itunes and QuickTime from DTrace Very easy to patch in memory or with kext Landon Fuller released a kext to do this
75 Conclusion DTrace can: Collect an unprecedented range of data Collect very specific measurements Scope can be very broad or very precise Applied to Reverse Engineering: Allows researchers to pinpoint specific situation (overflows) Or to understand general behavior (heap growth)
76 Future Work Automated feedback and integration with fuzzers Kernel tracing Improved overflow monitoring Heap manipulation libraries (think a crossplatform, cross-browser implementation of Soitorov s HeapLib) Utilizing application-specific probes (probes for JS in browsers, MySQL probes,...) Your own ideas!
77 Thank You! See the RE:Trace framework for implementation: Questions? Tiller Beauchamp SAIC David Weston SAIC
RE:Trace Applied Reverse Engineering on OS X. Tiller Beauchamp David Weston SAIC
RE:Trace Applied Reverse Engineering on OS X Tiller Beauchamp David Weston SAIC What Is DTrace? DTRACE BACKGROUND *Dtrace was created by Sun Microsystems, Inc. and released under the Common Development
More informationDTrace: The Reverse Engineer s Unexpected Swiss Army Knife
DTrace: The Reverse Engineer s Unexpected Swiss Army Knife Tiller Beauchamp David Weston Science Applications International Corporation {Tiller.L.Beauchamp,David.G.Weston@saic.com Abstract This paper will
More informationOS Observability Tools
OS Observability Tools Classic tools and their limitations DTrace (Solaris) SystemTAP (Linux) Slide 1 Where we're going with this... Know about OS observation tools See some examples how to use existing
More informationTesting for Security
Testing for Security Kenneth Ingham September 29, 2009 1 Course overview The threat that security breaches present to your products and ultimately your customer base can be significant. This course is
More informationMonitoring, Tracing, Debugging (Under Construction)
Monitoring, Tracing, Debugging (Under Construction) I was already tempted to drop this topic from my lecture on operating systems when I found Stephan Siemen's article "Top Speed" in Linux World 10/2003.
More informationAttacking Obfuscated Code with IDA Pro. Chris Eagle
Attacking Obfuscated Code with IDA Pro Chris Eagle Outline Introduction Operation Demos Summary 2 First Order Of Business MOVE UP AND IN! There is plenty of room up front I can't increase the font size
More informationLinux Tools for Monitoring and Performance. Khalid Baheyeldin November 2009 KWLUG http://2bits.com
Linux Tools for Monitoring and Performance Khalid Baheyeldin November 2009 KWLUG http://2bits.com Agenda Introduction Definitions Tools, with demos Focus on command line, servers, web Exclude GUI tools
More informationBypassing Memory Protections: The Future of Exploitation
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript
More informationOracle Solaris Studio Code Analyzer
Oracle Solaris Studio Code Analyzer The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access
More informationFormat string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc WwW.Abysssec.Com
Format string exploitation on windows Using Immunity Debugger / Python By Abysssec Inc WwW.Abysssec.Com For real beneficiary this post you should have few assembly knowledge and you should know about classic
More informationBypassing Browser Memory Protections in Windows Vista
Bypassing Browser Memory Protections in Windows Vista Mark Dowd & Alexander Sotirov markdowd@au1.ibm.com alex@sotirov.net Setting back browser security by 10 years Part I: Introduction Thesis Introduction
More informationExploiting nginx chunked overflow bug, the undisclosed attack vector
Exploiting nginx chunked overflow bug, the undisclosed attack vector Long Le longld@vnsecurity.net About VNSECURITY.NET CLGT CTF team 2 VNSECURITY.NET In this talk Nginx brief introduction Nginx chunked
More informationLeak Check Version 2.1 for Linux TM
Leak Check Version 2.1 for Linux TM User s Guide Including Leak Analyzer For x86 Servers Document Number DLC20-L-021-1 Copyright 2003-2009 Dynamic Memory Solutions LLC www.dynamic-memory.com Notices Information
More informationCustom Penetration Testing
Custom Penetration Testing Compromising a Vulnerability through Discovery and Custom Exploitation Stephen Sims Advanced Penetration Testing - 2009 SANS 1 Objectives Penetration Testing Precompiled Tools
More informationCompilers and Tools for Software Stack Optimisation
Compilers and Tools for Software Stack Optimisation EJCP 2014 2014/06/20 christophe.guillon@st.com Outline Compilers for a Set-Top-Box Compilers Potential Auto Tuning Tools Dynamic Program instrumentation
More informationSoftware Tracing of Embedded Linux Systems using LTTng and Tracealyzer. Dr. Johan Kraft, Percepio AB
Software Tracing of Embedded Linux Systems using LTTng and Tracealyzer Dr. Johan Kraft, Percepio AB Debugging embedded software can be a challenging, time-consuming and unpredictable factor in development
More informationHotpatching and the Rise of Third-Party Patches
Hotpatching and the Rise of Third-Party Patches Alexander Sotirov asotirov@determina.com BlackHat USA 2006 Overview In the next one hour, we will cover: Third-party security patches _ recent developments
More informationDefense in Depth: Protecting Against Zero-Day Attacks
Defense in Depth: Protecting Against Zero-Day Attacks Chris McNab FIRST 16, Budapest 2004 Agenda Exploits through the ages Discussion of stack and heap overflows Common attack behavior Defense in depth
More informationBug hunting. Vulnerability finding methods in Windows 32 environments compared. FX of Phenoelit
Bug hunting Vulnerability finding methods in Windows 32 environments compared FX of Phenoelit The goal: 0day What we are looking for: Handles network side input Runs on a remote system Is complex enough
More informationI Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich
I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application
More informationOperating System Structures
COP 4610: Introduction to Operating Systems (Spring 2015) Operating System Structures Zhi Wang Florida State University Content Operating system services User interface System calls System programs Operating
More informationJonathan Worthington Scarborough Linux User Group
Jonathan Worthington Scarborough Linux User Group Introduction What does a Virtual Machine do? Hides away the details of the hardware platform and operating system. Defines a common set of instructions.
More informationSoftware security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
More informationSandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
More informationExample of Standard API
16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface
More informationImprove Fortran Code Quality with Static Analysis
Improve Fortran Code Quality with Static Analysis This document is an introductory tutorial describing how to use static analysis on Fortran code to improve software quality, either by eliminating bugs
More informationIntroduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code
Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and
More informationRTOS Debugger for ecos
RTOS Debugger for ecos TRACE32 Online Help TRACE32 Directory TRACE32 Index TRACE32 Documents... RTOS Debugger... RTOS Debugger for ecos... 1 Overview... 2 Brief Overview of Documents for New Users... 3
More informationDtrace for Java Developers What Java developers should know about Dtrace
Dtrace for Java Developers What Java developers should know about Dtrace Jason Brazile and Stefan Tramm Netcetera 4260 DTrace: What and Why? 2 > What? It is a scriptable, unobtrusive, system observer with
More informationInstrumentation Software Profiling
Instrumentation Software Profiling Software Profiling Instrumentation of a program so that data related to runtime performance (e.g execution time, memory usage) is gathered for one or more pieces of the
More informationHands-on CUDA exercises
Hands-on CUDA exercises CUDA Exercises We have provided skeletons and solutions for 6 hands-on CUDA exercises In each exercise (except for #5), you have to implement the missing portions of the code Finished
More informationReal-time Debugging using GDB Tracepoints and other Eclipse features
Real-time Debugging using GDB Tracepoints and other Eclipse features GCC Summit 2010 2010-010-26 marc.khouzam@ericsson.com Summary Introduction Advanced debugging features Non-stop multi-threaded debugging
More information<Insert Picture Here> How To Build Better Applications With Oracle Solaris DTrace
1 How To Build Better Applications With Oracle Solaris DTrace Brendan Gregg Principal Software Engineer Jim Mauro Senior Principal Software Engineer Agenda - Oracle Solaris Dynamic
More informationFrysk The Systems Monitoring and Debugging Tool. Andrew Cagney
Frysk The Systems Monitoring and Debugging Tool Andrew Cagney Agenda Two Use Cases Motivation Comparison with Existing Free Technologies The Frysk Architecture and GUI Command Line Utilities Current Status
More information0days: How hacking really works. V 1.0 Jan 29, 2005 Dave Aitel dave@immunitysec.com
0days: How hacking really works V 1.0 Jan 29, 2005 Dave Aitel dave@immunitysec.com Who am I? NSA->@stake->Immunity CEO of Immunity, Inc. Consulting (product assessments) Immunity CANVAS Immunity Partner's
More informationThe Hacker Strategy. Dave Aitel dave@immunityinc.com. Security Research
1 The Hacker Strategy Dave Aitel dave@immunityinc.com Security Research Who am I? CTO, Immunity Inc. History: NSA->@stake -> Immunity Responsible for new product development Vulnerability Sharing Club
More informationUnix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu>
Unix Security Technologies Pete Markowsky What is this about? The goal of this CPU/SWS are: Introduce you to classic vulnerabilities Get you to understand security advisories Make
More informationHelping you avoid stack overflow crashes!
Helping you avoid stack overflow crashes! One of the toughest (and unfortunately common) problems in embedded systems is stack overflows and the collateral corruption that it can cause. As a result, we
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview
More informationGetting Started with CodeXL
AMD Developer Tools Team Advanced Micro Devices, Inc. Table of Contents Introduction... 2 Install CodeXL... 2 Validate CodeXL installation... 3 CodeXL help... 5 Run the Teapot Sample project... 5 Basic
More informationModern Binary Exploitation Course Syllabus
Modern Binary Exploitation Course Syllabus Course Information Course Title: Modern Binary Exploitation Course Number: CSCI 4968 Credit Hours: 4 Semester / Year: Spring 2015 Meeting Days: Tuesday/Friday
More informationEliminate Memory Errors and Improve Program Stability
Eliminate Memory Errors and Improve Program Stability with Intel Parallel Studio XE Can running one simple tool make a difference? Yes, in many cases. You can find errors that cause complex, intermittent
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationTopics. Introduction. Java History CS 146. Introduction to Programming and Algorithms Module 1. Module Objectives
Introduction to Programming and Algorithms Module 1 CS 146 Sam Houston State University Dr. Tim McGuire Module Objectives To understand: the necessity of programming, differences between hardware and software,
More informationHacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X
Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X Charles Miller Independent Security Evaluators August 2, 2007 cmiller@securityevaluators.com Charles Miller Independent Security
More informationTransparent Monitoring of a Process Self in a Virtual Environment
Transparent Monitoring of a Process Self in a Virtual Environment PhD Lunchtime Seminar Università di Pisa 24 Giugno 2008 Outline Background Process Self Attacks Against the Self Dynamic and Static Analysis
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationDesign and Implementation of a Real-Time Cloud Analytics Platform
Design and Implementation of a Real-Time Cloud Analytics Platform OSCON Data 2011 David Pacheco (@dapsays) Brendan Gregg (@brendangregg) Agenda The Problem Cloud Analytics Demo Experiences 2 Cloud Performance
More informationTuning WebSphere Application Server ND 7.0. Royal Cyber Inc.
Tuning WebSphere Application Server ND 7.0 Royal Cyber Inc. JVM related problems Application server stops responding Server crash Hung process Out of memory condition Performance degradation Check if the
More informationHigh Performance Computing in Aachen
High Performance Computing in Aachen Christian Iwainsky iwainsky@rz.rwth-aachen.de Center for Computing and Communication RWTH Aachen University Produktivitätstools unter Linux Sep 16, RWTH Aachen University
More informationRuntime Monitoring & Issue Tracking
Runtime Monitoring & Issue Tracking http://d3s.mff.cuni.cz Pavel Parízek parizek@d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Runtime monitoring Nástroje pro vývoj software
More informationSoftware Vulnerabilities
Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in
More informationDrupal Performance Tuning
Drupal Performance Tuning By Jeremy Zerr Website: http://www.jeremyzerr.com @jrzerr http://www.linkedin.com/in/jrzerr Overview Basics of Web App Systems Architecture General Web
More informationGPU Tools Sandra Wienke
Sandra Wienke Center for Computing and Communication, RWTH Aachen University MATSE HPC Battle 2012/13 Rechen- und Kommunikationszentrum (RZ) Agenda IDE Eclipse Debugging (CUDA) TotalView Profiling (CUDA
More informationUsing System Tracing Tools to Optimize Software Quality and Behavior
Using System Tracing Tools to Optimize Software Quality and Behavior Thomas Fletcher, Director, Automotive Solutions QNX Software Systems Ltd. thomasf@qnx.com Gaining Insight At one time, embedded devices
More informationLinux Kernel. Security Report
Linux Kernel Security Report September 25 Authors: Andy Chou, Bryan Fulton and Seth Hallem Coverity has combined two years of analysis work carried out in a commercial setting at Coverity with four years
More informationData on Kernel Failures and Security Incidents
Data on Kernel Failures and Security Incidents Ravishankar K. Iyer (W. Gu, Z. Kalbarczyk, G. Lyle, A. Sharma, L. Wang ) Center for Reliable and High-Performance Computing Coordinated Science Laboratory
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationW4118 Operating Systems. Junfeng Yang
W4118 Operating Systems Junfeng Yang Outline Linux overview Interrupt in Linux System call in Linux What is Linux A modern, open-source OS, based on UNIX standards 1991, 0.1 MLOC, single developer Linus
More informationApplication-Level Debugging and Profiling: Gaps in the Tool Ecosystem. Dr Rosemary Francis, Ellexus
Application-Level Debugging and Profiling: Gaps in the Tool Ecosystem Dr Rosemary Francis, Ellexus For years instruction-level debuggers and profilers have improved in leaps and bounds. Similarly, system-level
More informationMPI / ClusterTools Update and Plans
HPC Technical Training Seminar July 7, 2008 October 26, 2007 2 nd HLRS Parallel Tools Workshop Sun HPC ClusterTools 7+: A Binary Distribution of Open MPI MPI / ClusterTools Update and Plans Len Wisniewski
More informationumps software development
Laboratorio di Sistemi Operativi Anno Accademico 2006-2007 Software Development with umps Part 2 Mauro Morsiani Software development with umps architecture: Assembly language development is cumbersome:
More informationLaboratorio di Sistemi Operativi Anno Accademico 2009-2010
Laboratorio di Sistemi Operativi Anno Accademico 2009-2010 Software Development with umps Part 2 Mauro Morsiani Copyright Permission is granted to copy, distribute and/or modify this document under the
More informationGlossary of Object Oriented Terms
Appendix E Glossary of Object Oriented Terms abstract class: A class primarily intended to define an instance, but can not be instantiated without additional methods. abstract data type: An abstraction
More informationserious tools for serious apps
524028-2 Label.indd 1 serious tools for serious apps Real-Time Debugging Real-Time Linux Debugging and Analysis Tools Deterministic multi-core debugging, monitoring, tracing and scheduling Ideal for time-critical
More informationIntroduction. Figure 1 Schema of DarunGrim2
Reversing Microsoft patches to reveal vulnerable code Harsimran Walia Computer Security Enthusiast 2011 Abstract The paper would try to reveal the vulnerable code for a particular disclosed vulnerability,
More informationDebugging in Heterogeneous Environments with TotalView. ECMWF HPC Workshop 30 th October 2014
Debugging in Heterogeneous Environments with TotalView ECMWF HPC Workshop 30 th October 2014 Agenda Introduction Challenges TotalView overview Advanced features Current work and future plans 2014 Rogue
More informationBetriebssysteme KU Security
Betriebssysteme KU Security IAIK Graz University of Technology 1 1. Drivers 2. Security - The simple stuff 3. Code injection attacks 4. Side-channel attacks 2 1. Drivers 2. Security - The simple stuff
More informationAdvanced IBM AIX Heap Exploitation. Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com
Advanced IBM AIX Heap Exploitation Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com Introduction Our society has become dependent on computers and network systems.
More informationELEC 377. Operating Systems. Week 1 Class 3
Operating Systems Week 1 Class 3 Last Class! Computer System Structure, Controllers! Interrupts & Traps! I/O structure and device queues.! Storage Structure & Caching! Hardware Protection! Dual Mode Operation
More informationTHE BUSY DEVELOPER'S GUIDE TO JVM TROUBLESHOOTING
THE BUSY DEVELOPER'S GUIDE TO JVM TROUBLESHOOTING November 5, 2010 Rohit Kelapure HTTP://WWW.LINKEDIN.COM/IN/ROHITKELAPURE HTTP://TWITTER.COM/RKELA Agenda 2 Application Server component overview Support
More informationReverse Engineering and Computer Security
Reverse Engineering and Computer Security Alexander Sotirov alex@sotirov.net Introduction Security researcher at Determina, working on our LiveShield product Responsible for vulnerability analysis and
More informationTools and Techniques to automate the discovery of Zero Day Vulnerabilities. A.K.A Fuzzing 101
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY
More informationLast Class: OS and Computer Architecture. Last Class: OS and Computer Architecture
Last Class: OS and Computer Architecture System bus Network card CPU, memory, I/O devices, network card, system bus Lecture 3, page 1 Last Class: OS and Computer Architecture OS Service Protection Interrupts
More informationSecurity & Exploitation
Security & Exploitation Operating Systems Spring 2015 RPISEC - 05/11/2015 OS Security 1 whoami Markus Gaasedelen B.S. Computer Science 15 Security Enthusiast I like to hack things President of RPISEC http://rpis.ec
More informationZend Server 4.0 Beta 2 Release Announcement What s new in Zend Server 4.0 Beta 2 Updates and Improvements Resolved Issues Installation Issues
Zend Server 4.0 Beta 2 Release Announcement Thank you for your participation in the Zend Server 4.0 beta program. Your involvement will help us ensure we best address your needs and deliver even higher
More informationEugene Tsyrklevich. Ozone HIPS: Unbreakable Windows
Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military
More informationInterpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters
Interpreters and virtual machines Michel Schinz 2007 03 23 Interpreters Interpreters Why interpreters? An interpreter is a program that executes another program, represented as some kind of data-structure.
More informationDebugging A MotoHawk Application using the Application Monitor
CONTROL SYSTEM SOLUTIONS Debugging A MotoHawk Application using the Application Monitor Author(s): New Eagle Consulting 3588 Plymouth Road, #274 Ann Arbor, MI 48105-2603 Phone: +1 (734) 929-4557 Ben Hoffman
More informationEECS 354 Network Security. Introduction
EECS 354 Network Security Introduction Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how to think like an attacker Defense then becomes second-nature
More informationASL IT SECURITY XTREME XPLOIT DEVELOPMENT
ASL IT SECURITY XTREME XPLOIT DEVELOPMENT V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: The most dangerous threat is the one which do not have a CVE. Until now developing reliable exploits
More informationIvan Medvedev Principal Security Development Lead Microsoft Corporation
Ivan Medvedev Principal Security Development Lead Microsoft Corporation Session Objectives and Takeaways Session Objective(s): Give an overview of the Security Development Lifecycle Discuss the externally
More informationCS3600 SYSTEMS AND NETWORKS
CS3600 SYSTEMS AND NETWORKS NORTHEASTERN UNIVERSITY Lecture 2: Operating System Structures Prof. Alan Mislove (amislove@ccs.neu.edu) Operating System Services Operating systems provide an environment for
More informationHacking your perimeter. Social-Engineering. Not everyone needs to use zero. David Kennedy (ReL1K) http://www.secmaniac.com Twitter: Dave_ReL1K
Hacking your perimeter. Social-Engineering Not everyone needs to use zero days David Kennedy (ReL1K) http://www.secmaniac.com Twitter: Dave_ReL1K About the speaker Wrote the Social-Engineer Toolkit (SET),
More informationUsing Nessus In Web Application Vulnerability Assessments
Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security pasadoorian@tenablesecurity.com About Tenable Nessus vulnerability scanner, ProfessionalFeed
More informationSystem Structures. Services Interface Structure
System Structures Services Interface Structure Operating system services (1) Operating system services (2) Functions that are helpful to the user User interface Command line interpreter Batch interface
More informationCourse MS10975A Introduction to Programming. Length: 5 Days
3 Riverchase Office Plaza Hoover, Alabama 35244 Phone: 205.989.4944 Fax: 855.317.2187 E-Mail: rwhitney@discoveritt.com Web: www.discoveritt.com Course MS10975A Introduction to Programming Length: 5 Days
More informationIBM Tivoli Composite Application Manager for WebSphere
Meet the challenges of managing composite applications IBM Tivoli Composite Application Manager for WebSphere Highlights Simplify management throughout the life cycle of complex IBM WebSphere-based J2EE
More informationCompute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005
Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005 Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005... 1
More informationVirtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader
Virtualization System Vulnerability Discovery Framework Speaker: Qinghao Tang Title:360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationChapter 2 System Structures
Chapter 2 System Structures Operating-System Structures Goals: Provide a way to understand an operating systems Services Interface System Components The type of system desired is the basis for choices
More informationAccelerating Rails with
Accelerating Rails with lighty Jan Kneschke jan@kneschke.de RailsConf 2006 Chicago, IL, USA Who is that guy? Jan Kneschke Main developer of lighty Works at MySQL AB Lives in Kiel, Germany Had to choose
More informationEnterprise Manager Performance Tips
Enterprise Manager Performance Tips + The tips below are related to common situations customers experience when their Enterprise Manager(s) are not performing consistent with performance goals. If you
More informationChapter 3 Operating-System Structures
Contents 1. Introduction 2. Computer-System Structures 3. Operating-System Structures 4. Processes 5. Threads 6. CPU Scheduling 7. Process Synchronization 8. Deadlocks 9. Memory Management 10. Virtual
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationDebugging Java performance problems. Ryan Matteson matty91@gmail.com http://prefetch.net
Debugging Java performance problems Ryan Matteson matty91@gmail.com http://prefetch.net Overview Tonight I am going to discuss Java performance, and how opensource tools can be used to debug performance
More informationC Compiler Targeting the Java Virtual Machine
C Compiler Targeting the Java Virtual Machine Jack Pien Senior Honors Thesis (Advisor: Javed A. Aslam) Dartmouth College Computer Science Technical Report PCS-TR98-334 May 30, 1998 Abstract One of the
More informationFATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory p.1/11
FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory DFRWS 2006: Work in Progress (WIP) Aug 16, 2006 AAron Walters 4TΦ Research Nick L. Petroni Jr. University
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More information